Telephone-Oriented Attack Delivery (TOAD) Bypasses Secure Email Gateways
Summary
Hide ▲
Show ▼
Telephone-Oriented Attack Delivery (TOAD) emails, which contain only a phone number as the payload, are bypassing secure email gateways and becoming a significant threat. These attacks, which accounted for nearly 28% of gateway-bypassing detections, exploit the simplicity of a phone number to evade detection and manipulate victims into revealing sensitive information or granting remote access. The attacks are particularly effective due to their ability to blend in with legitimate business communications and the increasing sophistication of evasion tactics.
Timeline
-
25.02.2026 16:00 1 articles · 3h ago
TOAD Attacks Bypass Secure Email Gateways
Between December 2025 and February 2026, researchers identified that TOAD attacks accounted for nearly 28% of all gateway-bypassing detections. These attacks use a simple phone number as the payload, making them difficult to detect and block. The study also found that attackers are using increasingly sophisticated evasion tactics, with over 1,400 unique combinations tracked.
Show sources
- Why 'Call This Number' TOAD Emails Beat Gateways — www.darkreading.com — 25.02.2026 16:00
Information Snippets
-
TOAD emails accounted for nearly 28% of all gateway-bypassing detections in a study of 5,000 email-based threat detections.
First reported: 25.02.2026 16:001 source, 1 articleShow sources
- Why 'Call This Number' TOAD Emails Beat Gateways — www.darkreading.com — 25.02.2026 16:00
-
TOAD attacks bypass email security architectures because the payload—a phone number—is indistinguishable from legitimate business contact.
First reported: 25.02.2026 16:001 source, 1 articleShow sources
- Why 'Call This Number' TOAD Emails Beat Gateways — www.darkreading.com — 25.02.2026 16:00
-
The average TOAD detection used more than four attack techniques simultaneously, with over 1,400 unique evasion combinations tracked.
First reported: 25.02.2026 16:001 source, 1 articleShow sources
- Why 'Call This Number' TOAD Emails Beat Gateways — www.darkreading.com — 25.02.2026 16:00
-
TOAD attacks are effective against both Google- and Microsoft-hosted email platforms.
First reported: 25.02.2026 16:001 source, 1 articleShow sources
- Why 'Call This Number' TOAD Emails Beat Gateways — www.darkreading.com — 25.02.2026 16:00
-
Sophisticated attacks use a multilayered approach, each layer defeating a different detection capability.
First reported: 25.02.2026 16:001 source, 1 articleShow sources
- Why 'Call This Number' TOAD Emails Beat Gateways — www.darkreading.com — 25.02.2026 16:00
-
A third of the attacks seen in the report were 'structurally invisible,' making them difficult to detect with conventional email rules.
First reported: 25.02.2026 16:001 source, 1 articleShow sources
- Why 'Call This Number' TOAD Emails Beat Gateways — www.darkreading.com — 25.02.2026 16:00